/*!
 *
 * This program is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public License, version 2 as published by the Free Software
 * Foundation.
 *
 * You should have received a copy of the GNU General Public License along with this
 * program; if not, you can obtain a copy at http://www.gnu.org/licenses/gpl-2.0.html
 * or from the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details.
 *
 *
 * Copyright (c) 2002-2018 Hitachi Vantara. All rights reserved.
 *
 */

package org.pentaho.platform.repository2.unified.lifecycle;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.platform.api.engine.security.userroledao.IPentahoRole;
import org.pentaho.platform.api.engine.security.userroledao.IPentahoUser;
import org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao;
import org.pentaho.platform.api.mt.ITenant;
import org.pentaho.platform.api.util.IPasswordService;
import org.pentaho.platform.api.util.PasswordServiceException;
import org.pentaho.platform.repository2.unified.jcr.IPathConversionHelper;
import org.pentaho.platform.repository2.unified.jcr.JcrTenantUtils;
import org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao;
import org.springframework.extensions.jcr.JcrTemplate;
import org.springframework.transaction.support.TransactionTemplate;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class DefaultUserRepositoryLifecycleManager extends AbstractBackingRepositoryLifecycleManager {

  private static final Log logger = LogFactory.getLog( DefaultUserRepositoryLifecycleManager.class );
  private static final ITenant DEFAULT_TENANT = JcrTenantUtils.getDefaultTenant();
  private static final String[] EMPTY_STRING_ARRAY = new String[] {};

  private final IRoleAuthorizationPolicyRoleBindingDao roleBindingDao;
  private final IPasswordService passwordService;

  private final IUserRoleDao userRoleDao;
  private Map<String, List<String>> roleMappings;
  private Map<String, List<String>> userRoleMappings;
  private String singleTenantAdminPassword;
  private String nonAdminPassword;
  private String singleTenantAdminUserName;
  private List<String> systemRoles;
  public static final String DEFAULT_USERS_LOADED_METADATA = "defaultUsersLoaded";

  public DefaultUserRepositoryLifecycleManager( final IRoleAuthorizationPolicyRoleBindingDao roleBindingDao,
      final IPasswordService passwordService, final IUserRoleDao userRoleDao, final String singleTenantAdminUserName,
      final List<String> systemRoles, final TransactionTemplate txnTemplate, final JcrTemplate adminJcrTemplate,
      final IPathConversionHelper pathConversionHelper ) {
    super( txnTemplate, adminJcrTemplate, pathConversionHelper );
    this.roleBindingDao = roleBindingDao;
    this.passwordService = passwordService;
    this.userRoleDao = userRoleDao;
    this.singleTenantAdminUserName = singleTenantAdminUserName;
    this.systemRoles = systemRoles;
  }

  @Override
  public void newTenant() {
  }

  @Override
  public void newTenant( ITenant arg0 ) {
  }

  @Override
  public void newUser() {
  }

  @Override
  public void newUser( ITenant arg0, String arg1 ) {
  }

  @Override
  public void shutdown() {
  }

  @Override
  public void startup() {
    if ( !doesMetadataExists( DEFAULT_USERS_LOADED_METADATA ) ) {
      configureRoles();
      try {
        configureUsers();
      } catch ( PasswordServiceException e ) {
        logger.error( "Failed configuring users.", e );
      }
      addMetadataToRepository( DEFAULT_USERS_LOADED_METADATA );
    }
  }

  private void configureRoles() {

    if ( logger.isDebugEnabled() ) {
      logger.debug( "Configuring default role mappings." );
    }

    for ( final String roleName : roleMappings.keySet() ) {
      final IPentahoRole role = userRoleDao.getRole( DEFAULT_TENANT, roleName );
      if ( role == null ) {
        if ( logger.isDebugEnabled() ) {
          logger.debug( "Creating user role: " + roleName );
        }
        userRoleDao.createRole( DEFAULT_TENANT, roleName, "", EMPTY_STRING_ARRAY );
        final List<String> logicalRoles = roleMappings.get( roleName );
        if ( logicalRoles.size() > 0 ) {
          roleBindingDao.setRoleBindings( DEFAULT_TENANT, roleName, logicalRoles );
        }
        if ( logger.isDebugEnabled() ) {
          StringBuffer buffer = new StringBuffer();
          for ( String logicalRole : logicalRoles ) {
            buffer.append( logicalRole + " " );
          }
          logger.debug( "Create Role[" + roleName + "] with logical roles [ " + buffer + " ]" );
        }

      } else {
        if ( logger.isDebugEnabled() ) {
          logger.debug( "Skipping config. Role[" + roleName + "] already registered." );
        }
      }
    }
  }

  private void configureUsers() throws PasswordServiceException {

    String singleTenantAdminPlainTextPassword = passwordService.decrypt( singleTenantAdminPassword );
    String nonAdminPasswordPlainTextPassword = passwordService.decrypt( nonAdminPassword );

    for ( final String userName : userRoleMappings.keySet() ) {

      final IPentahoUser user = userRoleDao.getUser( DEFAULT_TENANT, userName );

      if ( user == null ) {
        StringBuffer buffer = new StringBuffer();
        if ( logger.isDebugEnabled() ) {
          logger.debug( "Creating user: " + userName );
        }

        List<String> roleNames = new ArrayList<String>();

        for ( String roleName : userRoleMappings.get( userName ) ) {

          if ( roleMappings.containsKey( roleName ) || systemRoles.contains( roleName ) ) {
            roleNames.add( roleName );
            buffer.append( roleName + "  " );
          } else {
            logger.error( "Unable to map undefined role to user. User[" + userName + "] Role[" + roleName + "]" );
          }
        }

        if ( singleTenantAdminUserName.equals( userName ) ) {
          userRoleDao.createUser( DEFAULT_TENANT, userName, singleTenantAdminPlainTextPassword, "user", roleNames
              .toArray( EMPTY_STRING_ARRAY ) );
        } else {
          userRoleDao.createUser( DEFAULT_TENANT, userName, nonAdminPasswordPlainTextPassword, "user", roleNames
              .toArray( EMPTY_STRING_ARRAY ) );
        }
        if ( logger.isDebugEnabled() ) {
          logger.debug( "Created user: " + userName + "with role mappings [" + buffer + "]" );
        }
      }
    }
  }

  public Map<String, List<String>> getRoleMappings() {
    return roleMappings;
  }

  public void setRoleMappings( Map<String, List<String>> roleMappings ) {
    this.roleMappings = roleMappings;
  }

  public Map<String, List<String>> getUserRoleMappings() {
    return userRoleMappings;
  }

  public void setUserRoleMappings( Map<String, List<String>> userRoleMappings ) {
    this.userRoleMappings = userRoleMappings;
  }

  public String getNonAdminPassword() {
    return nonAdminPassword;
  }

  public void setNonAdminPassword( String nonAdminPassword ) {
    this.nonAdminPassword = nonAdminPassword;
  }

  public String getSingleTenantAdminPassword() {
    return singleTenantAdminPassword;
  }

  public void setSingleTenantAdminPassword( String singleTenantAdminPassword ) {
    this.singleTenantAdminPassword = singleTenantAdminPassword;
  }
}
